
One post tagged with "AsRep"


Campfire 2 (HTB-Sherlock)

· 5 min read
Dario Cruz
Maintainer of DarioCruz.dev

On to the second part of the Campfire Sherlock from Hack the Box. Again, if you have not read my previous write-up on Campfire 1, go check it out. The aim is to complete all Sherlocks in the Detecting Active Directory Attacks track on HTB labs. Time to investigate!

The Scenario

Forela's Network is constantly under attack. The security system raised an alert about an old admin account requesting a ticket from KDC on a domain controller. Inventory shows that this user account is not used as of now, so you are tasked to take a look at this. This may be an AsREP roasting attack, as anyone can request any user's ticket which has preauthentication disabled.